Self-service password reset – what is the most fitting solution to answer emerging IT qualms?

A Self-Service Password Reset solution is a technology that enables domain users to reset their account password by themselves, often authenticating with an alternate procedure, instead of seeking assistance from the IT helpdesk. Such solutions, found a dime a dozen these days, mostly function the same way. Here’s a typical scenario:

A user forgets his account login password. Instead of calling the helpdesk or raising an IT ticket, he resets the password on his own, through a browser, by answering the preset security questions linked to his account password settings. Since this process is typically web-based, the user must launch a web browser to fix the problem, and for that he/she needs access to a system. Ironically, the user cannot log in to his workstation until the problem is solved.

That’s a classic paradoxical situation. A big hurdle faced by organizations is therefore enabling users to access a workstation when they have forgotten their primary password. There are a few ways to address this Catch-22. “A catch-22 is a situation in which someone is in need of something that can only be had (sic) by not being in need of it”, as explained in Wikipedia. The term was originally coined by Joseph Heller in his 1961 satirical novel Catch-22.

What are the alternatives?

The first option is to use a coworker’s workstation. The user who has forgotten his password can ask a colleague to allow access to his system, open a browser and reset the password using his client portal. But this is risky business, as ideally a user is designated to access only his own workstation. A potential intruder may take advantage of this situation and obtain a lot of information unethically if the actual user is physically absent or oblivious to his intentions.

Another solution is to have a coworker vouch for the user instead of actually performing the reset on his/her workstation. Users need to authorize in advance which coworkers can reset their account password on their behalf. This can typically help in a situation where a user is physically away from the corporate network and has forgotten his PC’s login password: an authorized co-worker can resolve the issue. However, in this scenario, the problem lies in determining which users should have the ability to authorize whom. The traditional alternative of calling the helpdesk always remains, but doesn’t that defeat the whole self-service password reset paradigm?

So, what can be an ideal solution?

An ideal solution would let users get around the workstation availability paradox without resorting to these alternate options. A relatively better option is to let users reset their password directly from the logon screen itself, typically the ALT+CTRL+DEL screen. Users are presented with a restricted web browser at the login screen whose only function is to reset their password, without logging into the system.

Lepide Active Directory Self-Service uses this advanced technology so that users need look no further and can easily perform password reset and account unlock from the logon screen itself. Users can also update their Active Directory attributes through their client portal. Since this kind of technology directly allows access to computer resources, specifically a web browser, to reset passwords without first authenticating to the computer, security must be a high priority.